Plateforme de Hacking


HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)

Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.

Challenges
Vous pourrez également participer à de nombreux challenges
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: dialtone.txt


                    The End of the Dial Tone Monopoly 
  ----------------------------------------------------------------------

 
Several weeks ago, one of our British colleagues here placed a good
description of the current status of telephone services deregulation
in the UK, and asked for a response that indicated the usual question
of, "How is it over there?"  The way here in the US is definitely
different, but no one seemed to respond.  It just might be that many
US Digest readers don't yet understand.  What follows is a short piece
I recently prepared for an editor, and I hope it answers both kinds of
parties:
 

                 THE END OF THE DIAL TONE MONOPOLY
           By: Donald E. Kimberlin, Principal Consultant
               Telecommunications Network Architects
                         Safety Harbor, FL
                          August 12, 1990
 
While many Americans have been trained to believe that "dial tone" is
the sacrosanct property of telephone companies, evidence is coming
clear to show that "dial tone" is not a "natural monopoly."  Saying
this is certain to raise many hackles, but it is time we faced up to
it: The "natural monopoly" view of providing Public Switched Telephone
Network services on a local basis was valid in its 1913 context, when
the Bell interests struck a deal to end their pillage of Indpendent
telephone companies in the U.S.
 
Technology and removal of the art of running a telephone network from
the status of "trade secret" has changed all that.  It's occurred so
rapidly and in so many ways that few know of all the prongs now stuck
into what was once a nicely-closed pie.
 
Even though it was published, few took note that in 1984, the
departing Chairman of the FCC said in a speech that since the
demonopolization of long distance service had been accomplished, the
time had come to work on breaking up the local telephone monopoly.
Nobody reported that speech, except the general press the following
day.  It was obvious the Chairman had touched on a taboo of the
telephone business.
 
Despite the fact that the FCC's Open Network Architecture mandate has
gone on and continues to move, nobody wants to face up to what it
really means: Detaching the dial tone of the local network from the
wires of the local telephone company, separating the two such that the
dial tone is put on somebody else's transmission channel, or
connecting the local telephone company's wire to somebody else's dial
tone.
 
That's not any technological breakthrough.  It's been possible for
decades.  The single thing that made the dial tone and transmission
channel inseparable was the lack of "somebody else" being around to do
it with.
 
Well, that's all changed, in more ways than one might think.  Let's
run through a few of the possibilities that really could happen today
 ... but for the desire of "somebody else" to take up the cudgel and
push the matter into full visibility.
 
There are some historical backgrounds to the alternatives that may be
worth knowing about; these often have roots in history of things the
monopoly-era telephone business didn't care too much about.  They are
generally exemplified in reasons behind the FCC's 1947 and 1948
decisions that opened radio-paging and use of microwave radio to
non-Telcos.  (That's right, we're here talking of temblors some four
decades prior to the eruption of nearly unbridled competition in "the
phone business.")
 
For the most part, the Bell interests had so narrowly focused their
business that even though they claimed anything moving information was
their birthright, there were numerous items they handled in only the
most marginal of ways.
 
Among these was telephone service to ships in coastal waters, several
earlier versions of mobile telephone service, various forms of
telegraphy, burglar alarm services and others.  For the most part,
other firms engaged these markets, particularly in the 65% of the land
area of the U.S. covered by non-Bell "Independent" telephone
companies, which focused totally on telephone business.  In that large
territory, almost all non-telephone aspects of telecommunications were
provided by private, often local business.  These almost all used some
form of radio in their business and became known as Radio Common
Carriers (RCC's).
 
We can thus see the roots of the FCC policy of two competing cellular
companies in every market reaching back into these RCCs.  In fact,
McCaw Cellular, one of the larger "non-wireline" cellular operators,
was a long-standing RCC in the pre-divestiture era.
 
In that era of the "natural monopoly," there was more "patching" and
"hauling" of dial tone on RCC facilities than ever made official
print.  Where it was of note, the Telcos treated it as "private," not
as a connection of their PSTN to another common carrier.  The point
was that the only breach in the wall was the connection of "foreign
apparatus" at the extremity of the local network; the bond between
dial tone and local telco wire remained intact.
 
The traffic truth was that telcos accounted for less than half of the
stations and traffic with boats and aircraft, and as the famous Huber
report showed, less than a third of paging and mobile radio
operations.  Much of that had already extended the "dial tone" into
non-Telco hands.
 
That situation was stable for several decades, but it ultimately did
wind up today with dial tone coming from non-wireline cellular
carriers and even dial marine VHF shore stations that are now all
private.
 
The "hauling" of dial tone we can readily see today as microwave
bypass, but it has also gone a giant step beyond.  In a case that no
Telco-employed "consultant" will tell about (it's doubtful they have
been "trained" on it), Arco Oil Company put in its own private
microwave from downtown Dallas, Texas to its corporate headquarters in
suburban Richardson, about ten miles away. Arco's reason:
Dissatisfaction with the performance levels of GTE of Texas, the
"natural monopoly" dial tone supplier for Richardson.  The microwave
hauled Southwestern Bell dial tone from downtown Dallas to Richardson.
To reach Arco, all one did was dial a Dallas number.  The dial tone on
Arco's PBX was SW Bell, not GTE.
 
When Arco's "illegal action" was discovered, GTE of course wanted its
brother in the cloth, Southwestern Bell to disconnect the dial tone.
Both telcos got the Texas utility regulators to order them to
disconnect, but Arco is no stranger to court action.  Arco immediately
went to the FCC, arguing that the dial tone was only incidental to
connections containing a high proportion of interstate traffic, which
was beyond the purview of the Texas State regulators.  The result: The
FCC ordered Southwestern Bell to maintain dial tone supply to Arco's
microwave channels to Richardson, to provide interstate calling
service.  GTE and Southwestern Bell appealed, and after several years
in the Federal Appeals courts, GTE and SW Bell lost again in early
1990, with but one step left: The U.S. Supreme Court.
 
It is unlikely that GTE or SW Bell want to risk a Supreme Court
decision after the several slaps they have suffered on their way to
the Supreme Court; they doubtful would want to be responsible for it
becoming wide public knowledge that the "natural monopoly" for a dial
tone is really no longer supported by the US government and its
courts.
 
An outfall of this is that if you have the means and desire, you can
really carry in a dial tone from wherever you want.  That opens a
wealth of possibilities.  It means that anyone who has the means to
provide transmission to your premises can import a dial tone from
whatever local telco network they want.  The issue to settle is if
they can SELL it to you.  This portends a boon to independent Telcos
located in the hinterlands who want to engage in selling their dial
tone to people a thousand miles away. (And if you REALLY understand
the true love/hate relation between Bell and Independent Telcos in the
US, you'll see that's not a flight of fancy!)
 
Who would sell this dial tone?  The first moves have already been made
in England, where instead of simply demonopolizing long distance, the
government authorized a "duopoly," permitting England's globe-spanning
Cable & Wireless to establish Mercury Communications to provide local
dial tone as well.  Mercury has done so in more than one way.  In the
major cities, Mercury immediately pulled fiber into abandoned steam
pipes and used Northern Telecom's telephone network architecture and
equipment to pop electronic exchanges in service with a speed most
telephone people would not understand.
 
The Mercury network was operational almost overnight, in typical
telephone capital plan terms.  And, Mercury offered services that
British Telecom hadn't thought of, like Centrex, intrinsically
available in the NT equipment, but not in BT-controlled designs, even
the fabled System X.  In less-dense areas, Mercury used existing
technology to use vacant capacity in cable TV systems to reach
telephone subscribers.  The latter method has been slow to expand, but
not for technical limits as much as economic disagreement with the
cable operators.
 
The implication for the U.S. is obvious: Your local cable TV company
has the transmission plant in place to become the "other phone company
in town."  The technology to get telephone channels on the present
coaxial cble plant exists; there is no need for a "fiber rebuild" to
handle the need.  Existing unused capacity in many US cable TV systems
offers in the order ot 50,000 lines of capacity in every cable passing
every building.  The "fiber" story is chanted by Telcos, because they
need fiber to get their capacity up to be able to compete in wideband
data and television carriage.  Adding fiber to the cable TV systems is
just a convenience and modernization to their plant.  In fact, in many
disparate areas of the nation, cable TV companies have quietly sold
telephone and data channel capacity for years, some even
interconnected between cable companies for distances in excess of 100
miles, and channels up to T-1 digital rate.  Again, these are not
applications stories your Telco-paid "consultant" is likely to tell
you about, but they are not secret nor are they illegal.  Carrying a
dial tone down them is no great technology problem at all.
 
Another front of the attack on the "dial tone monopoly" exists in the
buzzword "co-location" now being raised more loudly by another new
form of competition to the local Telcos, the Alternative Access
Carriers.  The AACs are typically local fiber optic network providers
such as the Metropolitan Fiber Systems now building in more than 20
cities around the nation, with nearly parallel competition from
Teleport Communications in most of the same cities, while there are a
number of unpublicized regional local fiber companies, like Florida's
Intermedia Communications.  Williams Telecommunications Group
headquartered in Tulsa, OK seems to be making moves to acquire some of
these firms and as well build some plant of its own in cities.
 
Another aspect of this incursion into the "local monopoly" may come
from MCI, through its acquisition last year of the local facilities of
Western Union Telegraph natiowide.  My own work led to discovering
miles of brand new Western Union conduit in the streets of Los Angeles
late last year prior to the MCI purchase, while another recent
revelation was discovery of *wooden* WUTCo conduits in Oklahoma City
recently.  All this is now MCI property, and its purpose is obvious;
MCI's intent to use it is not yet so obvious.
 
The AAC segment is following MFS's lead to get local Telcos ordered to
permit interconnection of their channels to user premises to Telco
dial tone.
 
But, they have no need to wait for that.  They can just as well import
dial tone from wherever they want, for VSATs already make that
practical.  In fact, if the U.S. can get cheap computer data entry
performed on Caribbean islands by VSAT link, what is there to prevent
U.S. AACs from importing cheap dial tone via VSAT from them as well?
Probably nothing, if anyone really looks into the possibility.
 
And, most recent, we have alternative space-based potentials.
Motorola's IRIDIUM is but one, and has recently been well-publicized
and described.  Less public is NASA's Personal Access Satellite System
(PASS), which proposes to use techniques rather well-developed by the
military for acquiring and tracking on geosynchronous satellites. PASS
focuses on developing use of the 35 gigahertz portion of the spectrum
where enormous dish gains are possible with 0.3 meter (12 inch!)
dishes and tiny transportable earth stations, offering megabit-sized
data streams to even the remotest of locations. Both IRIDIUM and PASS
propose use of satellite "crosslinks," the satellite term for having
the switching network in the sky with direct trunklines between
satellites.  So, you could readily be in Detroit but getting your dial
tone from Auckland.  In fact, what's to say there can't be a "virtual
Centrex" located in satellites, so the "global corporation" can have a
"global Centrex?"
 
In this context of our ability to get a dial tone from anywhere at a
cheap price, does it really seem so strange that we do it?  The
technology for much of it is already in hand; some of it has really
already been used, and all of it is so close to accomplishment that we
will be doing it soon.
 
The largest obstacle is not in technology at all; it is in people's
emotions and in vested economic interests of an industry that faces
threats many of its most endangered species participants cannot even
understand:  America's local "natural monopoly" telephone companies.
 
                          ----------------
 
(Historical afternote: One way to understand the way in which the
"natural dial tone monopoly" has been fabricated and ingrained into
minds in the U.S. is to read a book on the non-Bell "independent"
telephone industry.  This history has been documented several times
this century, and the latest is titled, "The Spirit of Independent
Telephony," by Charles A. Pleasance, 1989, ISBN 0-9622202-0-7.

It indexes 37 U.S. cities that once had independent telcos competing
with Bell, and I know of others that had multiple independent Telcos,
some until after WW II.  This history will surprise some when they
learn that the Independent telcos even tried to form a non-Bell long
distance network; one that Bell interests finally quashed with the
formation of AT&T's Long Lines "department," really a shadow company
that built the long-distance links and pooled the money collected for
long distance calls.  The point here is that the "natural monopoly"
concept for dial tone is a fabrication that may have made sense in
1913, was driven home by vested interests, and today is obviously a
dinosaur running out of food.)
 
------------------------------





Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.